The payments industry is evolving to support payment form factors that provide increased protection against counterfeit, account misuse, and other forms of fraud. While chip cards can provide substantial protection for card-present transactions, a similar need exists for further protections for card-not-present and hybrid transaction environments to minimize unauthorized use of account holder data and to prevent cross-channel fraud. Tokenization systems hold substantial promise to address these needs.
In a traditional electronic payment transaction, a consumer's primary account number (PAN) information is exposed to various entities involved during the transaction lifecycle. The PAN is passed from a merchant terminal, to an acquirer system, a payment processing network, payment gateways, etc.
Because the PAN can be exposed at various points in the transaction lifecycle, payment “tokens” have been developed to conduct payment transactions. A payment token serves as an additional security layer to the PAN and in effect becomes a proxy/surrogate to the PAN. Thus, the payment token may be used in place of PAN while initiating payment or submitting transactions. The use of payment tokens instead of PANs can reduce the risk of fraudulent activity since the real PAN is not exposed.
However, in the conventional tokenization systems, the issuer is not able to perform consumer authentication before the financial transaction begins. Consumer authentication is the process of verifying a consumer's ownership of an account. Accordingly, the issuer only confirms that the payment account provided to the issuer in a transaction request message can be used to conduct the transaction. The issuer is unable to confirm that the account is being used by the rightful owner or assignee. Thus, it is desirable to authenticate the consumer in a transaction (e.g. a tokenized transaction) before the transaction is authorized. This will benefit all payment system participants including consumers, merchants, and financial institutions. Authenticating consumers will reduce the levels of fraud, disputes, retrievals, and chargebacks, which subsequently will reduce the costs associated with each of these events.
Moreover, for tokenized transactions, the token(s) can be provided by a plurality of token service providers. Thus, it is desirable for an authentication entity performing consumer authentication to be able to work with a plurality of token service providers.
Embodiments of the invention address these and other problems, individually and collectively.